diff --git a/ee/app/services/protected_environments/create_service.rb b/ee/app/services/protected_environments/create_service.rb
index 88febf2d8efb956093d6fa02eb1d5c36ede9f103..3569cbcae27fb6e3d3539d44e87ba4041361909a 100644
--- a/ee/app/services/protected_environments/create_service.rb
+++ b/ee/app/services/protected_environments/create_service.rb
@@ -2,7 +2,29 @@
 module ProtectedEnvironments
 class CreateService < ProtectedEnvironments::BaseService
 def execute
- container.protected_environments.create(sanitized_params)
+ container.protected_environments.create(sanitized_params).tap do |protected_environment|
+ log_audit_event(protected_environment) if protected_environment.persisted?
+ end
+ end
+
+ private
+
+ def log_audit_event(protected_environment)
+ message = if group_container?
+ "Protected environments of #{protected_environment.name} tier"
+ else
+ "Protected an environment: #{protected_environment.name}"
+ end
+
+ audit_context = {
+ name: 'environment_protected',
+ author: current_user,
+ scope: container,
+ target: protected_environment,
+ message: message
+ }
+
+ ::Gitlab::Audit::Auditor.audit(audit_context)
 end
 end
 end
diff --git a/ee/app/services/protected_environments/destroy_service.rb b/ee/app/services/protected_environments/destroy_service.rb
index 3de576d37f9139c1820549d4960732b762916bc9..588e5bdede859069ba18fd5d41e1d8de4cec61b4 100644
--- a/ee/app/services/protected_environments/destroy_service.rb
+++ b/ee/app/services/protected_environments/destroy_service.rb
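Review bot: `log_audit_event` has no comment explaining why the message differs by container, which is the one non-obvious thing in the hunk. A line above the `message =` assignment such as `# Group-level records protect a whole environment tier, project-level ones a single environment, so the wording differs.` would make the branch self-explanatory; the record's `name` appears to hold the tier name in the group case, which is worth confirming against the model. `group_container?`, `container` and `current_user` are not defined in this hunk and presumably come from BaseService.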
@@ -2,7 +2,29 @@
 module ProtectedEnvironments
 class DestroyService < BaseService
 def execute(protected_environment)
- protected_environment.destroy
+ protected_environment.destroy.tap do |protected_environment|
+ log_audit_event(protected_environment) if protected_environment.destroyed?
+ end
+ end
+
+ private
+
+ def log_audit_event(protected_environment)
+ message = if group_container?
+ "Unprotected environments of #{protected_environment.name} tier"
+ else
+ "Unprotected an environment: #{protected_environment.name}"
+ end
+
+ audit_context = {
+ name: 'environment_unprotected',
+ author: current_user,
+ scope: container,
+ target: protected_environment,
+ message: message
+ }
+
+ ::Gitlab::Audit::Auditor.audit(audit_context)
 end
 end
 end
diff --git a/ee/config/audit_events/types/environment_protected.yml b/ee/config/audit_events/types/environment_protected.yml
new file mode 100644
index 0000000000000000000000000000000000000000..99581ca2e11b1b60a3a6a8c8d7be3b4ee4ff5ce3
--- /dev/null
+++ b/ee/config/audit_events/types/environment_protected.yml
@@ -0,0 +1,9 @@
+---
+name: environment_protected
+description: This event is triggered when a protected environment is created.
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/216164
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/108247
+feature_category: environment_management
+milestone: '15.8'
+saved_to_database: true
+streamed: false
diff --git a/ee/config/audit_events/types/environment_unprotected.yml b/ee/config/audit_events/types/environment_unprotected.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f0eda95b7be36dab3533cdf03c81a945ffbb3ade
--- /dev/null
+++ b/ee/config/audit_events/types/environment_unprotected.yml
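Review bot: When `destroy` is halted by a callback it returns `false`, so the `.tap` block receives `false` and `false.destroyed?` raises NoMethodError instead of returning the falsy result the caller expects; the block parameter also shadows the method argument of the same name. Keep the original record in scope and return the destroy result instead, e.g. `result = protected_environment.destroy` / `log_audit_event(protected_environment) if protected_environment.destroyed?` / `result`. The same `.tap` shape in create_service.rb is safe because `create` always returns a record, persisted or not.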
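Review bot: `streamed: false` keeps `environment_protected` out of audit event streaming, so external destinations that receive streamed events will not see changes to who may deploy to a protected environment; the same setting is in environment_unprotected.yml in the next hunk. If database-only is deliberate for these two types, a short comment next to the `streamed:` key saying why would spare the next reader the question; otherwise `streamed: true` on both types is the change to consider.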
@@ -0,0 +1,9 @@
+---
+name: environment_unprotected
+description: This event is triggered when an environment is unprotected.
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/216164
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/108247
+feature_category: environment_management
+milestone: '15.8'
+saved_to_database: true
+streamed: false
diff --git a/ee/spec/services/protected_environments/create_service_spec.rb b/ee/spec/services/protected_environments/create_service_spec.rb
index ec8ada27b3507690e80552bec856b3903bfdb93f..34e3291b111be11e383907d7694d6b8dbf102bc3 100644
--- a/ee/spec/services/protected_environments/create_service_spec.rb
+++ b/ee/spec/services/protected_environments/create_service_spec.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 require 'spec_helper'
-RSpec.describe ProtectedEnvironments::CreateService, '#execute' do
+RSpec.describe ProtectedEnvironments::CreateService, '#execute', feature_category: :environment_management do
 let(:project) { create(:project) }
 let(:user) { create(:user) }
 let(:maintainer_access) { Gitlab::Access::MAINTAINER }
@@ -23,6 +23,22 @@
 it 'creates a record on ProtectedEnvironment record' do
 expect { subject }.to change(ProtectedEnvironments::DeployAccessLevel, :count).by(1)
 end
+
+ it 'stores and logs the audit event' do
+ subject
+
+ protected_environment = project.protected_environments.last
+
+ audit_context = {
+ name: 'environment_protected',
+ author: user,
+ scope: project,
+ target: protected_environment,
+ message: "Protected an environment: #{protected_environment.name}"
+ }
+
+ allow(::Gitlab::Audit::Auditor).to receive(:audit).with(audit_context)
+ end
 end
 context 'with invalid params' do
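Review bot: The `'stores and logs the audit event'` example asserts nothing: `allow(...).to receive(:audit).with(audit_context)` is a stub rather than an expectation, and it is installed after `subject` has already run, so the example passes even when no audit call is made. Either spy first and verify afterwards — `allow(::Gitlab::Audit::Auditor).to receive(:audit).and_call_original` before `subject`, then replace the last line with `expect(::Gitlab::Audit::Auditor).to have_received(:audit).with(audit_context)` — or follow the destroy spec and set `expect(::Gitlab::Audit::Auditor).to receive(:audit)` with a `hash_including` matcher before calling `subject`. The enclosing `context` block starts outside the hunk.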
@@ -32,6 +48,12 @@
 expect(subject.persisted?).to be_falsy
 end
+ it 'does not store or log the audit event' do
+ expect(::Gitlab::Audit::Auditor).not_to receive(:audit)
+
+ subject
+ end
+
 context 'multiple deploy access levels' do
 let(:params) do
 attributes_for(:protected_environment,
diff --git a/ee/spec/services/protected_environments/destroy_service_spec.rb b/ee/spec/services/protected_environments/destroy_service_spec.rb
index 0a77b981cb81d89464cf310da6d9af4e23ca3388..645eafb93645135262df84e82b85b3ca37c985c4 100644
--- a/ee/spec/services/protected_environments/destroy_service_spec.rb
+++ b/ee/spec/services/protected_environments/destroy_service_spec.rb
@@ -1,9 +1,10 @@
 # frozen_string_literal: true
 require 'spec_helper'
-RSpec.describe ProtectedEnvironments::DestroyService, '#execute' do
- let(:project) { create(:project) }
- let(:user) { create(:user) }
+RSpec.describe ProtectedEnvironments::DestroyService, '#execute', feature_category: :environment_management do
+ let_it_be(:project) { create(:project) }
+ let_it_be(:user) { create(:user) }
+ let!(:protected_environment) { create(:protected_environment, project: project) }
 let(:deploy_access_level) { protected_environment.deploy_access_levels.first }
@@ -23,13 +24,36 @@
 subject
 end.to change { ProtectedEnvironments::DeployAccessLevel.count }.from(1).to(0)
 end
+
+ it 'stores and logs the audit event' do
+ audit_context = {
+ name: 'environment_unprotected',
+ author: user,
+ scope: project,
+ target: protected_environment,
+ message: "Unprotected an environment: #{protected_environment.name}"
+ }
+
+ expect(::Gitlab::Audit::Auditor).to receive(:audit).with(audit_context)
+
+ subject
+ end
 end
 context 'when the Protected Environment can not be deleted' do
+ let(:protected_environment_double) { instance_double(ProtectedEnvironment) }
+
 before do
- allow(protected_environment).to receive(:destroy).and_return(false)
+ allow(protected_environment_double).to receive(:destroy).and_return(protected_environment)
+ allow(protected_environment).to receive(:tap).and_return(false)
 end
 it { is_expected.to be_falsy }
+
+ it 'does not store or log the audit event' do
+ expect(::Gitlab::Audit::Auditor).not_to receive(:audit)
+
+ subject
+ end
 end
 end
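Review bot: The 'can not be deleted' context no longer exercises the service: stubbing `protected_environment.tap` to return `false` short-circuits the very code under test, and `protected_environment_double` is not passed to anything visible in the hunk, so its `destroy` stub is never reached (the `subject` definition is outside the hunk, so this is inferred). Restoring the removed line `allow(protected_environment).to receive(:destroy).and_return(false)` would show that the service currently calls `destroyed?` on `false` in this path, which is what the service needs to guard against. Once the service returns the destroy result without going through the `.tap` block parameter, the `it { is_expected.to be_falsy }` and `'does not store or log the audit event'` examples verify real behaviour rather than the stub.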